Are you certain SSL is turned off on your site? What happens if you click on the google link: does it show http or https?

If the latter then your site is responding to https, which looks like the case since google's link shows it with https and port 443.

Do you not use SSL at all? If not it looks as if something is set up incorrectly and someone, somewhere has posted an https url for the site that actually works - google would not, I think, infer it otherwise.

If SSL is turned on (and you don't use it) then ensure it's turned off. If your site is on virtual hosting or you can't get access to the domain setup then you would need to talk to your hosting company.

Yes, having your https urls indexed can be a source of ranking problems and lower traffic. It's one of many canonical url issues [webmasterworld.com].

We have a thread that discusses fixing this challenge in the Hot Topics area [webmasterworld.com], which is always pinned to the top of this forum's index page.

I do not have SSL turned on and I have never had SSL turned on

Somehow googlebot did get a response from those urls - so your understanding of how the server is set is not matching up with googlebot's experience. Have you tested them in a browser?

This is a shared hosting environment, I have emailed the host to try to see if there is something on their end that can be done, a redirect or something! This is a domain that was in use at some point previously before I picked it up hoever I could not find any traces other than 2 backlinks of the site, so I suppose it is possible there is a link out there using the https, however I was/am not able to track it down.
Thanks for the information/suggestions!

Yes, several sets of redirects will need to be carefully planned and implemented for non-www HTTP and for both www and non-www HTTPS.

I'd also fix up all of the index filename canonicalisation ahead of any rules for the rest of the site. The whole lot needs to be very carefully planned such that every URL sees only one redirect from bad to good.

That is, you must take steps to avoid a Redirection Chain for any type of URL request.

You don't say if you've tried the google link to see if https IS set up for your site. If it isn't then the site should return a 404 and google will (should!) ignore it. If the link works then you have a real problem and need to talk to your hosting manager.

If any site on a virtual server shares an IP with a site that has SSL (ie a certificate installed and (usually) port 443 enabled) then ALL sites on that IP potentially have SSL enabled. It happened to me many years ago.

In theory all sites except the official SSL one SHOULD have port 443 disabled but that's not guaranteed; it's up to the server manager how well it's set up.